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Claims 

1 . A method of accepting a pass code, comprising: 
providing a user with a machine-generated challenge; and 
receiving a response from the user, wherein said response represents a 

transformation from the challenge to a pass code allocated to the user, said response 
allowing the user to be validated against a stored data record of the pass code. 

2. The method of claim 1, wherein said challenge is independent of said pass 
code. 

3. The method of claim 1, further comprising generating a new challenge for 
each user validation. 

4. The method of claim 3, wherein said challenge is generated on a random 
basis. 

5. The method of claim 3, wherein the challenge is generated in response to 
receiving a request from a user for validation. 

6. The method of claim 1, wherein providing a user with a challenge comprises 
displaying the challenge to the user. 

7. The method of claim 6, wherein the challenge is displayed to the user in such a 
manner as to prevent third parties from viewing the challenge. 

8. The method of claim 1, wherein the response from the user is received as a set 
of one or more modifications to be applied to the challenge so that it matches the pass 
code allocated to the user. 

9. The method of claim 8, wherein said set of one or more modifications is 
received as directional input from the user. 
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10. The method of claim 9, wherein said directional input is received as the result 
of the user pressing one or more arrow keys that increment or decrement the challenge 
by a fixed amount. 

5 11. The method of claim 1 , wherein said challenge has the same number of 
characters as the pass code allocated to the user. 

12. The method of claim 11, wherein said transformation is specified individually 
for each character of the challenge. 

10 

13. The method of claim 12, further comprising receiving an indication from the 
user that the transformation for a different character is about to be entered. 

14. The method of claim 1, further comprising receiving an indication from the 
15 user that the response has been completely entered. 

15. The method of claim 1, further comprising generating an entered pass code 
from the challenge and from the response from the user. 

20 16. The method of claim 15, wherein the response is validated by comparing the 
entered pass code with the stored data record of the pass code. 

17. The method of claim 1, further comprising; 

receiving a communications challenge from an authorisation unit that has 
25 access to said stored data record of the pass code; 

using the response to encrypt said communications challenge; and 
transmitting the encrypted communications challenge to the authorisation unit, 

thereby allowing the response input by the user to be validated by said authorisation 

unit against said stored data record of the pass code. 

30 

18. A terminal for use in accepting a pass code, comprising: 

an output for providing a user with a machine-generated challenge; and 
an input for receiving a response from the user, wherein said response 
represents a transformation from the challenge to a pass code allocated to the user, 
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said response allowing the user to be validated against a stored data record of the pass 
code. 

19. The terminal of claim 18, wherein said challenge is independent of said pass 
5 code. 

20. The terminal of claim 18, wherein a new challenge is generated for each user 
validation. 

10 21 . The terminal of claim 20, wherein said challenge is generated on a random 
basis. 

22. The terminal of claim 20, wherein the challenge is generated in response to 
receiving a request from a user for validation. 

15 

23. The terminal of claim 18, further comprising a display, wherein the challenge 
is provided to the user on the display. 

24. The terminal of claim 23, wherein the terminal is configured to prevent parties 
20 other than the user from viewing the challenge on the display. 

25. The terminal of claim 18, wherein the response from the user is received as a 
set of one or more modifications to be applied to the challenge so that it matches the 
pass code allocated to the user. 

25 

26. The terminal of claim 25, wherein said set of one or more modifications is 
received as directional input from the user. 

27. The terminal of claim 26, further comprising one or more arrow keys that 
30 increment or decrement the challenge by a fixed amount. 

28. The terminal of claim 18, wherein said challenge has the same number of 
characters as the pass code allocated to the user. 
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29. The terminal of claim 28, wherein said transformation is specified individually 
for each character of the challenge. 

30. The terminal of claim 29, further comprising a key for receiving an indication 
5 from the user that the transformation for a different character is about to be entered. 

31. The terminal of claim 18, further comprising a key for receiving an indication 
from the user that the response has been completely entered. 

10 32. The terminal of claim 18, wherein an entered pass code is generated from the 
challenge and from the response from the user. 

33. The terminal of claim 32, wherein the response is validated by comparing the 
entered pass code with the stored data record of the pass code. 

15 

34. The terminal of claim 18, further comprising a communications link with an 
authorisation unit that has access to said stored data record of the pass code, wherein 
the terminal receives a communications challenge from said authorisation unit and 
uses the response to encrypt said communications challenge, and wherein the 

20 encrypted communications challenge is transmitted to the authorisation unit, thereby 
allowing the response input by the user to be validated by said authorisation unit 
against said stored data record of the pass code. 

35. Means for accepting a pass code, comprising: 

25 means for providing a user with a machine-generated challenge; and 

means for receiving a response from the user, wherein said response represents 
a transformation from the challenge to a pass code allocated to the user, said response 
allowing the user to be validated against a stored data record of the pass code. 

30 36. A method for using a pass code to validate a user, comprising: 
receiving a request from a user for validation; 
generating a challenge in response to said request; 
providing the user with the challenge; 
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receiving a response from the user, wherein said response represents a 
transformation from the challenge to the pass code; and 

validating the user on the basis of said response against a stored version of the 
pass code. 

5 

37. An authorisation system for using a pass code to validate a user, comprising: 

a random number generator operable to generate a challenge; 

an output device operable to provide the challenge to a user; 

an input device operable to receive a response to the challenge from the user, 
10 wherein said response represents a transformation from the challenge to the pass code 
allocated to the user; and 

a validation unit for authorising the user on the basis of said response against a 
stored version of the pass code. 

15 38. A computer program product comprising instructions encoded on a medium, 
said instructions when loaded into a machine causing the machine: 
to provide a user with a machine-generated challenge; and 
to receive as input a response from the user, wherein said response represents 
a transformation from the challenge to a pass code allocated to the user, said response 
20 allowing the user to be validated against a stored data record of the pass code. 

39. The computer program product of claim 38, wherein said challenge is 
independent of said pass code. 

25 40. The computer program product of claim 38, wherein said instructions further 
cause the machine to generate a new challenge for each user validation. 

41 . The computer program product of claim 40, wherein the challenge is 
generated in response to receiving a request from a user for validation. 

30 

42. The of computer program product of claim 40, wherein said challenge is 
generated on a random basis. 
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43. The computer program product of claim 38, wherein providing a user with a 
challenge comprises displaying the challenge to the user. 

44. The computer program product of claim 43, wherein the challenge is displayed 
5 to the user in such a manner as to prevent third parties from viewing the challenge. 

45. The computer program product of claim 38, wherein the response from the 
user is received as a set of one or more modifications to be applied to the challenge so 
that it matches the pass code allocated to the user. 

10 

46. The computer program product of claim 45, wherein said set of one or more 
modifications is received as directional input from the user. 

47. The computer program product of claim 46, wherein said directional input is 
15 received as the result of the user pressing one or more arrow keys that increment or 

decrement the challenge by a fixed amount. 

48. The computer program product of claim 38, wherein said challenge has the 
same number of characters as the pass code allocated to the user. 

20 

49. The computer program product of claim 48, wherein said transformation is 
specified individually for each character of the challenge. 

50. The computer program product of claim 49, wherein said instructions further 
25 cause the machine to receive an indication from the user that the transformation for a 

different character is about to be entered. 

5 1 . The computer program product of claim 38, wherein said instructions further 
cause the machine to receive an indication from the user that the response has been 

30 completely entered. 

52. The computer program product of claim 38, wherein said instructions further 
cause the machine to generate an entered pass code from the challenge and from the 
response from the user. 
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53. The computer program product of claim 52, wherein the response is validated 
by comparing the entered pass code with the stored data record of the pass code. 

54. The computer program product of claim 38, wherein the instructions further 
cause the machine: 

to receive a communications challenge from an authorisation unit that has 

access to said stored data record of the pass code; 

to use the response to encrypt said communications challenge; and 

to transmit the encrypted communications challenge to the authorisation unit, 

thereby allowing the response input by the user to be validated by said authorisation 

unit against said stored data record of the pass code. 
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